Issues in Media.php (master) - Issues in master - sonata-project/SonataMediaBundle - Measure and Improve Code Quality continuously with Scrutinizer

Issues (234)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Model/Media.php (1 issue)

Labels

Severity

Major 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

declare(strict_types=1);

/*
 * This file is part of the Sonata Project package.
 *
 * (c) Thomas Rabaix <[email protected]>
 *
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 */

namespace Sonata\MediaBundle\Model;

use Imagine\Image\Box;
use Sonata\ClassificationBundle\Model\CategoryInterface;
use Symfony\Component\Validator\Context\ExecutionContextInterface;

abstract class Media implements MediaInterface
{
    /**
     * @var string
     */
    protected $name;

    /**
     * @var string
     */
    protected $description;

    /**
     * @var bool
     */
    protected $enabled = false;

    /**
     * @var string
     */
    protected $providerName;

    /**
     * @var int
     */
    protected $providerStatus;

    /**
     * @var string
     */
    protected $providerReference;

    /**
     * @var array
     */
    protected $providerMetadata = [];

    /**
     * @var int
     */
    protected $width;

    /**
     * @var int
     */
    protected $height;

    /**
     * @var float
     */
    protected $length;

    /**
     * @var string
     */
    protected $copyright;

    /**
     * @var string
     */
    protected $authorName;

    /**
     * @var string
     */
    protected $context;

    /**
     * @var bool
     */
    protected $cdnIsFlushable;

    /**
     * @var string
     */
    protected $cdnFlushIdentifier;

    /**
     * @var \DateTime
     */
    protected $cdnFlushAt;

    /**
     * @var int
     */
    protected $cdnStatus;

    /**
     * @var \DateTime
     */
    protected $updatedAt;

    /**
     * @var \DateTime
     */
    protected $createdAt;

    /**
     * @var mixed
     */
    protected $binaryContent;

    /**
     * @var string
     */
    protected $previousProviderReference;

    /**
     * @var string
     */
    protected $contentType;

    /**
     * @var int
     */
    protected $size;

    /**
     * @var GalleryItemInterface[]
     */
    protected $galleryItems;

    /**
     * @var CategoryInterface
     */
    protected $category;

    public function __toString()
    {
        return $this->getName() ?: 'n/a';
    }

    public function prePersist(): void
    {
        $this->setCreatedAt(new \DateTime());
        $this->setUpdatedAt(new \DateTime());
    }

    public function preUpdate(): void
    {
        $this->setUpdatedAt(new \DateTime());
    }

    /**
     * @static
     *
     * @return string[]
     */
    public static function getStatusList()
    {
        return [
            self::STATUS_OK => 'ok',
            self::STATUS_SENDING => 'sending',
            self::STATUS_PENDING => 'pending',
            self::STATUS_ERROR => 'error',
            self::STATUS_ENCODING => 'encoding',
        ];
    }

    public function setBinaryContent($binaryContent): void
    {
        $this->previousProviderReference = $this->providerReference;
        $this->providerReference = null;
        $this->binaryContent = $binaryContent;
    }

    public function resetBinaryContent(): void
    {
        $this->binaryContent = null;
    }

    public function getBinaryContent()
    {
        return $this->binaryContent;
    }

    public function getMetadataValue($name, $default = null)
    {
        $metadata = $this->getProviderMetadata();

        return $metadata[$name] ?? $default;
    }

    public function setMetadataValue($name, $value): void
    {
        $metadata = $this->getProviderMetadata();
        $metadata[$name] = $value;
        $this->setProviderMetadata($metadata);
    }

    public function unsetMetadataValue($name): void
    {
        $metadata = $this->getProviderMetadata();
        unset($metadata[$name]);
        $this->setProviderMetadata($metadata);
    }

    public function setName($name): void
    {
        $this->name = $name;
    }

    public function getName()
    {
        return $this->name;
    }

    public function setDescription($description): void
    {
        $this->description = $description;
    }

    public function getDescription()
    {
        return $this->description;
    }

    public function setEnabled($enabled): void
    {
        $this->enabled = $enabled;
    }

    public function getEnabled()
    {
        return $this->enabled;
    }

    public function setProviderName($providerName): void
    {
        $this->providerName = $providerName;
    }

    public function getProviderName()
    {
        return $this->providerName;
    }

    public function setProviderStatus($providerStatus): void
    {
        $this->providerStatus = $providerStatus;
    }

    public function getProviderStatus()
    {
        return $this->providerStatus;
    }

    public function setProviderReference($providerReference): void
    {
        $this->providerReference = $providerReference;
    }

    public function getProviderReference()
    {
        return $this->providerReference;
    }

    public function setProviderMetadata(array $providerMetadata = []): void
    {
        $this->providerMetadata = $providerMetadata;
    }

    public function getProviderMetadata()
    {
        return $this->providerMetadata;
    }

    public function setWidth($width): void
    {
        $this->width = $width;
    }

    public function getWidth()
    {
        return $this->width;
    }

    public function setHeight($height): void
    {
        $this->height = $height;
    }

    public function getHeight()
    {
        return $this->height;
    }

    public function setLength($length): void
    {
        $this->length = $length;
    }

    public function getLength()
    {
        return $this->length;
    }

    public function setCopyright($copyright): void
    {
        $this->copyright = $copyright;
    }

    public function getCopyright()
    {
        return $this->copyright;
    }

    public function setAuthorName($authorName): void
    {
        $this->authorName = $authorName;
    }

    public function getAuthorName()
    {
        return $this->authorName;
    }

    public function setContext($context): void
    {
        $this->context = $context;
    }

    public function getContext()
    {
        return $this->context;
    }

    public function setCdnIsFlushable($cdnIsFlushable): void
    {
        $this->cdnIsFlushable = $cdnIsFlushable;
    }

    public function getCdnIsFlushable()
    {
        return $this->cdnIsFlushable;
    }

    public function setCdnFlushIdentifier($cdnFlushIdentifier): void
    {
        $this->cdnFlushIdentifier = $cdnFlushIdentifier;
    }

    public function getCdnFlushIdentifier()
    {
        return $this->cdnFlushIdentifier;
    }

    public function setCdnFlushAt(?\DateTime $cdnFlushAt = null): void
    {
        $this->cdnFlushAt = $cdnFlushAt;
    }

    public function getCdnFlushAt()
    {
        return $this->cdnFlushAt;
    }

    public function setUpdatedAt(?\DateTime $updatedAt = null): void
    {
        $this->updatedAt = $updatedAt;
    }

    public function getUpdatedAt()
    {
        return $this->updatedAt;
    }

    public function setCreatedAt(?\DateTime $createdAt = null): void
    {
        $this->createdAt = $createdAt;
    }

    public function getCreatedAt()
    {
        return $this->createdAt;
    }

    public function setContentType($contentType): void
    {
        $this->contentType = $contentType;
    }

    public function getContentType()
    {
        return $this->contentType;
    }

    public function getExtension()
    {
        $providerReference = $this->getProviderReference();
        if (!$providerReference) {
            return null;
        }

        // strips off query strings or hashes, which are common in URIs remote references
        return preg_replace('{(\?|#).*}', '', pathinfo($providerReference, PATHINFO_EXTENSION));

    }

    public function setSize($size): void
    {
        $this->size = $size;
    }

    public function getSize()
    {
        return $this->size;
    }

    public function setCdnStatus($cdnStatus): void
    {
        $this->cdnStatus = $cdnStatus;
    }

    public function getCdnStatus()
    {
        return $this->cdnStatus;
    }

    public function getBox()
    {
        return new Box($this->width, $this->height);
    }

    public function setGalleryItems($galleryItems): void
    {
        $this->galleryItems = $galleryItems;
    }

    public function getGalleryItems()
    {
        return $this->galleryItems;
    }

    public function getPreviousProviderReference()
    {
        return $this->previousProviderReference;
    }

    /**
     * NEXT_MAJOR: Remove this method when bumping Symfony requirement to 2.8+.
     */
    public function isStatusErroneous(ExecutionContextInterface $context): void
    {
        if ($this->getBinaryContent() && self::STATUS_ERROR === $this->getProviderStatus()) {
            $context->buildViolation('invalid')->atPath('binaryContent')->addViolation();
        }
    }

    /**
     * @return CategoryInterface
     */
    public function getCategory()
    {
        return $this->category;
    }

    /**
     * @param CategoryInterface|null $category
     */
    public function setCategory($category = null): void
    {
        if (null !== $category && !is_a($category, CategoryInterface::class)) {
            throw new \InvalidArgumentException(
                '$category should be an instance of Sonata\ClassificationBundle\Model\CategoryInterface or null'
            );
        }

        $this->category = $category;
    }
}


1			<?php
2
3			declare(strict_types=1);
4
5			/*
6			* This file is part of the Sonata Project package.
7			*
8			* (c) Thomas Rabaix <[email protected]>
9			*
10			* For the full copyright and license information, please view the LICENSE
11			* file that was distributed with this source code.
12			*/
13
14			namespace Sonata\MediaBundle\Model;
15
16			use Imagine\Image\Box;
17			use Sonata\ClassificationBundle\Model\CategoryInterface;
18			use Symfony\Component\Validator\Context\ExecutionContextInterface;
19
20			abstract class Media implements MediaInterface
21			{
22			/**
23			* @var string
24			*/
25			protected $name;
26
27			/**
28			* @var string
29			*/
30			protected $description;
31
32			/**
33			* @var bool
34			*/
35			protected $enabled = false;
36
37			/**
38			* @var string
39			*/
40			protected $providerName;
41
42			/**
43			* @var int
44			*/
45			protected $providerStatus;
46
47			/**
48			* @var string
49			*/
50			protected $providerReference;
51
52			/**
53			* @var array
54			*/
55			protected $providerMetadata = [];
56
57			/**
58			* @var int
59			*/
60			protected $width;
61
62			/**
63			* @var int
64			*/
65			protected $height;
66
67			/**
68			* @var float
69			*/
70			protected $length;
71
72			/**
73			* @var string
74			*/
75			protected $copyright;
76
77			/**
78			* @var string
79			*/
80			protected $authorName;
81
82			/**
83			* @var string
84			*/
85			protected $context;
86
87			/**
88			* @var bool
89			*/
90			protected $cdnIsFlushable;
91
92			/**
93			* @var string
94			*/
95			protected $cdnFlushIdentifier;
96
97			/**
98			* @var \DateTime
99			*/
100			protected $cdnFlushAt;
101
102			/**
103			* @var int
104			*/
105			protected $cdnStatus;
106
107			/**
108			* @var \DateTime
109			*/
110			protected $updatedAt;
111
112			/**
113			* @var \DateTime
114			*/
115			protected $createdAt;
116
117			/**
118			* @var mixed
119			*/
120			protected $binaryContent;
121
122			/**
123			* @var string
124			*/
125			protected $previousProviderReference;
126
127			/**
128			* @var string
129			*/
130			protected $contentType;
131
132			/**
133			* @var int
134			*/
135			protected $size;
136
137			/**
138			* @var GalleryItemInterface[]
139			*/
140			protected $galleryItems;
141
142			/**
143			* @var CategoryInterface
144			*/
145			protected $category;
146
147			public function __toString()
148			{
149			return $this->getName() ?: 'n/a';
150			}
151
152			public function prePersist(): void
153			{
154			$this->setCreatedAt(new \DateTime());
155			$this->setUpdatedAt(new \DateTime());
156			}
157
158			public function preUpdate(): void
159			{
160			$this->setUpdatedAt(new \DateTime());
161			}
162
163			/**
164			* @static
165			*
166			* @return string[]
167			*/
168			public static function getStatusList()
169			{
170			return [
171			self::STATUS_OK => 'ok',
172			self::STATUS_SENDING => 'sending',
173			self::STATUS_PENDING => 'pending',
174			self::STATUS_ERROR => 'error',
175			self::STATUS_ENCODING => 'encoding',
176			];
177			}
178
179			public function setBinaryContent($binaryContent): void
180			{
181			$this->previousProviderReference = $this->providerReference;
182			$this->providerReference = null;
183			$this->binaryContent = $binaryContent;
184			}
185
186			public function resetBinaryContent(): void
187			{
188			$this->binaryContent = null;
189			}
190
191			public function getBinaryContent()
192			{
193			return $this->binaryContent;
194			}
195
196			public function getMetadataValue($name, $default = null)
197			{
198			$metadata = $this->getProviderMetadata();
199
200			return $metadata[$name] ?? $default;
201			}
202
203			public function setMetadataValue($name, $value): void
204			{
205			$metadata = $this->getProviderMetadata();
206			$metadata[$name] = $value;
207			$this->setProviderMetadata($metadata);
208			}
209
210			public function unsetMetadataValue($name): void
211			{
212			$metadata = $this->getProviderMetadata();
213			unset($metadata[$name]);
214			$this->setProviderMetadata($metadata);
215			}
216
217			public function setName($name): void
218			{
219			$this->name = $name;
220			}
221
222			public function getName()
223			{
224			return $this->name;
225			}
226
227			public function setDescription($description): void
228			{
229			$this->description = $description;
230			}
231
232			public function getDescription()
233			{
234			return $this->description;
235			}
236
237			public function setEnabled($enabled): void
238			{
239			$this->enabled = $enabled;
240			}
241
242			public function getEnabled()
243			{
244			return $this->enabled;
245			}
246
247			public function setProviderName($providerName): void
248			{
249			$this->providerName = $providerName;
250			}
251
252			public function getProviderName()
253			{
254			return $this->providerName;
255			}
256
257			public function setProviderStatus($providerStatus): void
258			{
259			$this->providerStatus = $providerStatus;
260			}
261
262			public function getProviderStatus()
263			{
264			return $this->providerStatus;
265			}
266
267			public function setProviderReference($providerReference): void
268			{
269			$this->providerReference = $providerReference;
270			}
271
272			public function getProviderReference()
273			{
274			return $this->providerReference;
275			}
276
277			public function setProviderMetadata(array $providerMetadata = []): void
278			{
279			$this->providerMetadata = $providerMetadata;
280			}
281
282			public function getProviderMetadata()
283			{
284			return $this->providerMetadata;
285			}
286
287			public function setWidth($width): void
288			{
289			$this->width = $width;
290			}
291
292			public function getWidth()
293			{
294			return $this->width;
295			}
296
297			public function setHeight($height): void
298			{
299			$this->height = $height;
300			}
301
302			public function getHeight()
303			{
304			return $this->height;
305			}
306
307			public function setLength($length): void
308			{
309			$this->length = $length;
310			}
311
312			public function getLength()
313			{
314			return $this->length;
315			}
316
317			public function setCopyright($copyright): void
318			{
319			$this->copyright = $copyright;
320			}
321
322			public function getCopyright()
323			{
324			return $this->copyright;
325			}
326
327			public function setAuthorName($authorName): void
328			{
329			$this->authorName = $authorName;
330			}
331
332			public function getAuthorName()
333			{
334			return $this->authorName;
335			}
336
337			public function setContext($context): void
338			{
339			$this->context = $context;
340			}
341
342			public function getContext()
343			{
344			return $this->context;
345			}
346
347			public function setCdnIsFlushable($cdnIsFlushable): void
348			{
349			$this->cdnIsFlushable = $cdnIsFlushable;
350			}
351
352			public function getCdnIsFlushable()
353			{
354			return $this->cdnIsFlushable;
355			}
356
357			public function setCdnFlushIdentifier($cdnFlushIdentifier): void
358			{
359			$this->cdnFlushIdentifier = $cdnFlushIdentifier;
360			}
361
362			public function getCdnFlushIdentifier()
363			{
364			return $this->cdnFlushIdentifier;
365			}
366
367			public function setCdnFlushAt(?\DateTime $cdnFlushAt = null): void
368			{
369			$this->cdnFlushAt = $cdnFlushAt;
370			}
371
372			public function getCdnFlushAt()
373			{
374			return $this->cdnFlushAt;
375			}
376
377			public function setUpdatedAt(?\DateTime $updatedAt = null): void
378			{
379			$this->updatedAt = $updatedAt;
380			}
381
382			public function getUpdatedAt()
383			{
384			return $this->updatedAt;
385			}
386
387			public function setCreatedAt(?\DateTime $createdAt = null): void
388			{
389			$this->createdAt = $createdAt;
390			}
391
392			public function getCreatedAt()
393			{
394			return $this->createdAt;
395			}
396
397			public function setContentType($contentType): void
398			{
399			$this->contentType = $contentType;
400			}
401
402			public function getContentType()
403			{
404			return $this->contentType;
405			}
406
407			public function getExtension()
408			{
409			$providerReference = $this->getProviderReference();
410			if (!$providerReference) {
411			return null;
412			}
413
414			// strips off query strings or hashes, which are common in URIs remote references
415			return preg_replace('{(\?\|#).*}', '', pathinfo($providerReference, PATHINFO_EXTENSION));
			0 ignored issues – show Bug Compatibility introduced 2019-02-17 01:03 UTC by Report Bug Copy Issue Report Show Similar Issues like this The expression `preg_replace('{(\\?\|#).*..., PATHINFO_EXTENSION));` of type `string\|string[]` adds the type `string[]` to the return on line 415 which is incompatible with the return type declared by the interface `Sonata\MediaBundle\Model...Interface::getExtension` of type `string`. Loading history...
416			}
417
418			public function setSize($size): void
419			{
420			$this->size = $size;
421			}
422
423			public function getSize()
424			{
425			return $this->size;
426			}
427
428			public function setCdnStatus($cdnStatus): void
429			{
430			$this->cdnStatus = $cdnStatus;
431			}
432
433			public function getCdnStatus()
434			{
435			return $this->cdnStatus;
436			}
437
438			public function getBox()
439			{
440			return new Box($this->width, $this->height);
441			}
442
443			public function setGalleryItems($galleryItems): void
444			{
445			$this->galleryItems = $galleryItems;
446			}
447
448			public function getGalleryItems()
449			{
450			return $this->galleryItems;
451			}
452
453			public function getPreviousProviderReference()
454			{
455			return $this->previousProviderReference;
456			}
457
458			/**
459			* NEXT_MAJOR: Remove this method when bumping Symfony requirement to 2.8+.
460			*/
461			public function isStatusErroneous(ExecutionContextInterface $context): void
462			{
463			if ($this->getBinaryContent() && self::STATUS_ERROR === $this->getProviderStatus()) {
464			$context->buildViolation('invalid')->atPath('binaryContent')->addViolation();
465			}
466			}
467
468			/**
469			* @return CategoryInterface
470			*/
471			public function getCategory()
472			{
473			return $this->category;
474			}
475
476			/**
477			* @param CategoryInterface\|null $category
478			*/
479			public function setCategory($category = null): void
480			{
481			if (null !== $category && !is_a($category, CategoryInterface::class)) {
482			throw new \InvalidArgumentException(
483			'$category should be an instance of Sonata\ClassificationBundle\Model\CategoryInterface or null'
484			);
485			}
486
487			$this->category = $category;
488			}
489			}
490

sonata-project / SonataMediaBundle

Issues (234)

Security Analysis not enabled

src/Model/Media.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like